This is undoubtedly going to be quite controversial and I'm braced to lose a fair amount of reputation but my stance is that allowing Tor users makes my life as a moderator harder and I don't think that's a cost we need to bear. If you're a Tor user, I'd like to hear why you're a Tor user (I'm not so I might not understand) and by extension why you think this is a dreadful idea :)

Here's my argument for blocking Tor users from doing things on the sites:

Tor makes it ridiculously simple to abuse Stack Exchange. Sock-puppets, voting rings, spam and harassment, we've seen all of this come over Tor where Tor was required to stop the automatic alarm bells going off.

Not all Tor users are evil, cheating trolls but do legitimate users need Tor for SE? We're not hosting porn or manuals on how to overthrow the communist state (none of the sites is blocked in China, it seems), so is there a reason we should be aiding people to connect via an anonymous proxy service?

By extension, I have zero sympathy for people using Tor to get around local network blocks. You shouldn't because circumventing network security is usually an actionable offence (and they'll catch you if you're using Tor).

Local privacy (sniffing et al) isn't so much an issue any more since SSL was enabled everywhere.

This is trivial to enable. Keep a local list of all the Tor nodes and check when the user does something. By that I mean POST but you could move that to specific actions.

I know that blocking Tor wouldn't solve all our problems but it stops the laziest. It forces would-be spammers to rent a botnet or use another less-stable or more illegal or more costly route into the sites. In short, none but the most determined are going to bother us and even those will run out of steam sooner than the others.

And they'd still have readonly access if GETs were allowed through.

I'm surprised that no SE moderators have brought this up before. Perhaps I'm just famously bad at searching for things or it's been proposed and stoned to death multiple times...

"how to overthrow the communist state" - this phrase will probably trigger MSO block in China (we probably better allow Tor users to access meta sites as harm there is lower and easier to manage, plus this can work as an escape hatch when someone who really needs it needs to discuss it)
– gnat Feb 21 '14 at 13:04

5

"By extension, I have zero sympathy for people using Tor to get around local network blocks" - yeah, people should use SSH tunnels to get around ridiculous blocks :p
– ThiefMaster Feb 21 '14 at 13:16

4

@gnat Bad example I think, as it's common knowledge that one should use nyan cats to overthrow communist states. I thought everyone knew that?
– Tim Post♦ Feb 21 '14 at 13:29

2

+1 just because as a fellow mod, I feel your pain. But I don't think it's practical to do - and I think the legitimate uses of Tor probably outweigh the effort we need to spend on the relatively few users who abuse it.
– Andrew Barber Feb 21 '14 at 14:35

2

Let me throw in my opinion that Tor has apparently had no effect on my life as a moderator. (The point being, there certainly isn't universal agreement among mods that this would be a desirable feature.)
– David Z Oct 6 '14 at 22:54

4 Answers
4

There's no reliable way to track Tor exit nodes. There are services that do so, but at the rate that established nodes fall off and new nodes have been up long enough to be considered stable - the data gets stale pretty quickly. Believe me, I looked into this. I wasn't thinking of blocking, but knowing UserIPAddress.IsTorExitNode can be incredibly useful when programmatically addressing patterns of abuse.

Reverse PTR lookups generally hold a clue (and there is a DNSBL-like service), but we already do a lot of expensive checks on established sites when people post - there's quality blocks, spam checks, spam bucket checks (yes, there's several layers), not to mention the regex blacklist and ugh .. there's not a lot more room there. And there's also exit policies to consider.

The other option, getting a list of exit nodes that have accessed our LBs, well - that means we have to see them before we stop them, which .. is basically what we have now.

I've spoken to some Tor developers that were blocked from using our site for Tor by the spam layer, because they were coming from exit nodes that we were tracking. They hate the abuse that Tor sometimes lends itself to, but it is a very small percentage of the actual traffic, as far as they can tell (but that's the thing with Tor, you really can't tell). It's becoming obvious that the browser bundle is helping the not-so-technically-savvy cover their tracks, some of them for evil purposes.

Legitimate users have their own needs for using Tor, and it's not up to us to question that. Our stance on this is always going to be - we value your privacy just as much as you value your privacy, to the broadest extent that we can. Everyone has different needs, especially people living in oppressive regimes. We can't let you change IP addresses every second, for instance, because that's just insane. But, we do our best.

I know how much spam you're seeing, and we're working hard on improving the protection we've already put into place. It handles Tor well enough, but in some instances not soon enough, because a user has to hit us a few times before their footprint becomes deterministic.

This is not an easy problem to solve, but blocking Tor users would be the last resort I'd like to consider. There's a few things still in the pipe that haven't been implemented yet in the spam layer, I'd like to get those in before we do anything too drastic.

Again, I don't mean to understate the problem with spam on AU, I've been there with you a lot of the time getting rid of it. I just don't want to do this, at least not now. Knowing would be useful, if it could be done in a way that performs well. Blocking .. I'd hate to do that.

I don't know how you "looked into it" but I wrote torset. It generates you an ipset from the tor consensus file (same file every tor user uses, so always up to date). It's not very supported (eg. hasn't really got much documentation other than the readme, has no unit tests, ...) but it's very small and simple and works for me. If you want to use it I would recommend adding some unit tests and sending me a pull request. I prefer people use it for whitelisting, but a tool is a tool, and it's not my call what it's used for. github.com/najamelan/torset
– user148312 May 19 '14 at 20:46

@Tim, There's (of course) no 100% reliable way. But even at x%, that data can be valuable when combined with other statistics.
– Pacerier Jan 20 '16 at 20:57

Necroing a 2.5 year old answer, but tor is abused (recently, someone was using it to hide their sockpuppet).
– Ave Sep 10 '16 at 19:40
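The answer above wants a cheap `IsTorExitNode` signal but warns that exit lists go stale, and the question proposes checking only on POST. The sketch below is an added example, not Stack Exchange's code and not part of any post here: it tags writes with a three-state signal instead of blocking, and reports an old snapshot as "unknown" rather than "no". The list format, thresholds and function names are assumptions, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample list: "<address> <last seen as exit, UTC>" per line.
# The format is an assumption for this example, not a real feed's format.
SAMPLE_LIST = """\
192.0.2.10 2014-02-21T12:00:00
198.51.100.7 2014-02-21T12:30:00
2001:db8::5 2014-02-19T08:00:00
not-an-address 2014-02-21T12:00:00
"""

MAX_ENTRY_AGE = timedelta(hours=24)  # assumed: older sightings count as stale
MAX_LIST_AGE = timedelta(hours=2)    # assumed: older snapshots give "unknown"


class ExitNodeList:
    def __init__(self, text, fetched_at):
        self.fetched_at = fetched_at
        self.last_seen = {}
        for line in text.splitlines():
            try:
                addr, seen = line.split()
                ip = ipaddress.ip_address(addr)
                ts = datetime.fromisoformat(seen).replace(tzinfo=timezone.utc)
            except ValueError:
                continue  # skip malformed lines rather than fail the whole load
            self.last_seen[ip] = max(ts, self.last_seen.get(ip, ts))

    def is_tor_exit_node(self, addr, now):
        """True/False when the snapshot is fresh, None when it is too old."""
        if now - self.fetched_at > MAX_LIST_AGE:
            return None
        ip = ipaddress.ip_address(addr)
        # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) from dual-stack listeners.
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        seen = self.last_seen.get(ip)
        return seen is not None and now - seen <= MAX_ENTRY_AGE


def tor_signal(method, addr, exits, now):
    """Signal for the abuse pipeline: reads are never checked, writes are tagged."""
    if method.upper() in ("GET", "HEAD"):
        return "not-checked"
    verdict = exits.is_tor_exit_node(addr, now)
    return {True: "tor-exit", False: "not-listed", None: "list-stale"}[verdict]
```

The lookup is an in-memory dictionary hit, so it adds no network round trip to the posting path; the cost is moved to whatever job refreshes the snapshot.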

I think participating in Christianity Stack Exchange would be illegal in many countries and users from those countries might prefer to use TOR. And even in general a potential "whistle blower" might like to post source code, electronic schematics etc for review they feel puts the public at risk they don't want traced back to themselves.

There are also users from Iran that find Judaism via tor - and could be executed for doing so if discovered.
– Tim Post♦ Feb 21 '14 at 14:24

7

@TimPost People doing things like that makes most of our usage of the word "courageous" here in the U.S. seem really weak.
– Andrew Barber Feb 21 '14 at 14:37

4

This is fair enough but given the nature of SE, isn't this fairly site dependent? I know people label fights about which programming language is best as "holy wars" but they're not something somebody is going to get in trouble over. If there are SE sites that foster controversial content, perhaps they could be exempt from the Tor check.
– Oli Feb 21 '14 at 16:59

@Oli: That sounds like the kind of thing you really don't want to have rely on someone remembering to post a meta discussion and pinging a dev on before someone can, y'know, safely access an SE site about something critical without being imprisoned or killed. If SE accidentally left a site (especially a new site) out of the set of "Tor-enabled" sites, that could have very bad consequences, especially since the list of Tor-enabled sites would not be trivial for such users to access!
– Nathan Tuggy Mar 17 at 3:25

I think the existing blocks triggered by spam flags and user destruction (SpamRam) are enough, and we don't need to preemptively block all Tor users. The existing mechanisms will block Tor exit nodes temporarily and of course also affect innocent users, but that is a necessary evil in this case. Blocking all Tor traffic would be a far more drastic action, and I don't see a drastic enough reason to justify it.

I don't think we should switch around the justification and require a group of users to show that they should be allowed to post here. If such a decision should be made, I'd collect some actual data on the participation on SE sites from Tor, and check how large the percentage of abusive content is. Without such data indicating a severe problem I don't see any justification for such a drastic block.

SSL, I believe, encrypts transmissions, but the website/server (SE) knows what data was sent and which IP sent it. Tor is used for many reasons by many people. Legitimate users may or may not need Tor, but it is their right. Everybody deserves privacy no matter what, and it is the user's choice to break any laws set in place about bypassing censorships via Tor. Also, there are many ways to cause abuse, such as creating throw-away accounts using throw-away emails, though this can be used for legitimate reasons.